More Hackers Relying on Compromised Credentials

Cybercriminals are adapting their attack techniques, moving away from attacks waged with malware to using compromised credentials linked to privileged accounts to invade networks and systems, according to researchers at Dell SecureWorks.

More attackers are using native system tools and resources, most often going after privileged accounts, such as service accounts or domain administrator accounts, and using "the native capabilities of an environment to further their objective," says Phil Burdette, senior security researcher at Dell SecureWorks' counter threat unit, during an interview with Information Security Media Group at RSA Conference 2016.

"This enables them to connect to other systems in the enterprise, by moving laterally to file servers and domain controllers or point-of-sale systems. Ultimately, there's a lot of focus in the security community around detecting malware and the infrastructure used by the malware, but it's important to also consider the possibility that an adversary may not need malware to achieve their objective, because they are going to follow the path of least resistance."

Attackers are using compromised credentials to access critical systems, say Burdette and Joe Stewart, director of malware research for the counter threat unit.

So how are credentials compromised? "We repeatedly see phishing emails purporting to be from the IT security staff, saying, 'We recently updated our new system, please log in to test your credentials,'" Burdette says. "And once the unknowing victim enters their credentials, those same credentials are used to remotely access the victim network masquerading as a legitimate user, usually through their VPN [virtual private network] solution or their Citrix solution, or even potentially accessing their email through Outlook Web access."

During this interview (see audio link below photos), Burdette and Stewart also discuss:

How nation-state tactics are being adopted and adapted by cybercriminals;

How a new open source solution can be used to help identify hacker intrusions;
